Are there any mirrors of Dropbear releases? OpenWRT used to use http://www.mirrors.wiretapped.net/security/cryptography/apps/ssh/dropbear/ but it seems that mirror is now defunct.
On Fri, Oct 4, 2013 at 10:38 AM, Matt Johnston <[email protected]> wrote:
> Hi all,
>
> Dropbear 2013.59 has been released. It fixes a number of
> bugs, including two security issues affecting prior
> releases.
>
> - The Dropbear server could be made to consume large amounts
>   of memory because decompressed packet sizes weren't checked.
>   Depending on the OS and hardware this might be a denial of
>   service.
>
> - Valid users could be identified due to timing variations.
>
> As usual you can download it from
> https://matt.ucc.asn.au/dropbear/dropbear.html
>
>
> Cheers,
> Matt
>
> 2013.59 - Friday 4 October 2013
>
> - Fix crash from -J command
>   Thanks to Lluís Batlle i Rossell and Arnaud Mouiche for patches
>
> - Avoid reading too much from /proc/net/rt_cache since that causes
>   system slowness.
>
> - Improve EOF handling for half-closed connections
>   Thanks to Catalin Patulea
>
> - Send a banner message to report PAM error messages intended for the user
>   Patch from Martin Donnelly
>
> - Limit the size of decompressed payloads, avoids memory exhaustion denial
>   of service
>   Thanks to Logan Lamb for reporting and investigating it
>
> - Avoid disclosing existence of valid users through inconsistent delays
>   Thanks to Logan Lamb for reporting
>
> - Update config.guess and config.sub for newer architectures
>
> - Avoid segfault in server for locked accounts
>
> - "make install" now installs manpages
>   dropbearkey.8 has been renamed to dropbearkey.1
>   manpage added for dropbearconvert
>
> - Get rid of one second delay when running non-interactive commands
>
> Releases are signed by PGP key [email protected] 4C647FBC
> D11E 5F8D 2C38 523F 57F1 2166 8CF9 F8B0 4C64 7FBC
